3.7 Ensure that SharePoint is set to reject or delay network traffic generated above traffic volume thresholds - maxBandwidth

Information

SharePoint must reject or delay, as defined by the organization, network traffic generated above configurable traffic volume thresholds.
Rationale:
It is critical when a system is at risk of failing to process audit logs as required; actions are automatically taken to mitigate the failure or risk of failure.
One method used to thwart the auditing system is for an attacker to attempt to overwhelm the auditing system with large amounts of irrelevant data. Consequently, either audit logs are being overwritten or disk space is being exhausted. In such cases, activity is either being erased from the logs or not recorded at all due to the lack of disk space.
In many system configurations, the disk space allocated to the auditing system is separate from the disks allocated for the operating system; therefore, this may not result in a system outage.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Access the Internet Information Service Manager on the appropriate SharePoint server.
1. For each site IIS site subject to user traffic, select the site.
2. Click Advanced Settings.
3. Expand Connection Limits.
4. Ensure the following settings possess a value:
* Connection Time-Out
* Maximum Bandwidth
* Maximum Concurrent Connections
5. Repeat steps for each site subject to user traffic.

See Also

https://workbench.cisecurity.org/files/2031

Item Details

Category: SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|SC-5, CSCv6|9

Plugin: Windows

Control ID: 6f7c1eb571c1206dba645d221a89eea4242b33cb978b0e180216af9ecbe23a07